STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021

IBM z/OS must be configured to restrict all TCP/IP ports to ports, protocols, and/or services as defined in the PPSM CAL and vulnerability assessments.

DISA Rule

SV-223821r604139_rule

Vulnerability Number

V-223821

Group Title

SRG-OS-000297-GPOS-00115

Rule Version

RACF-TC-000020

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure TCP/IP PROFILE port definitions to adhere to ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL) and vulnerability assessments.

Check Contents

Refer to the TCP/IP PROFILE DD statement to determine the TCP/IP ports. If the PROFILE DD statement is not supplied, use the default search order to find the PROFILE data set.

See the IP Configuration Guide for a description of the search order for PROFILE.TCPIP.

If all the ports included in the configuration are restricted to the ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL) and vulnerability assessments, this is not a finding.
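One way to carry out this comparison, as an added example that is not part of the STIG or of IBM tooling: the Python below reads PORT and PORTRANGE statements from a TCP/IP profile and lists every port/protocol pair that is missing from an approved set. The sample profile, the approved set (a stand-in for the site's PPSM CAL-approved list) and the function names are constructed for illustration, and the parser assumes one PORT entry per line.

```python
import re

# Constructed sample PROFILE.TCPIP fragment (not from a real system).
SAMPLE_PROFILE = """\
; constructed example profile
TCPCONFIG RESTRICTLOWPORTS
PORT
   21 TCP FTPD1          ; FTP control
   23 TCP TN3270         ; Telnet
   443 TCP HTTPD1
   514 UDP SYSLOGD1
PORTRANGE 4000 3 TCP APPSRV1
"""

# Hypothetical allowlist standing in for PPSM CAL-approved (port, protocol) pairs.
APPROVED = {(21, "TCP"), (443, "TCP"), (514, "UDP"), (4000, "TCP"), (4001, "TCP")}

ENTRY = re.compile(r"^(\d+)\s+(TCP|UDP)\s+(\S+)", re.I)
RANGE = re.compile(r"^PORTRANGE\s+(\d+)\s+(\d+)\s+(TCP|UDP)\s+(\S+)", re.I)

def parse_ports(profile_text):
    """Return [(port, protocol, jobname)] from PORT and PORTRANGE statements."""
    ports, in_port = [], False
    for raw in profile_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line:
            continue
        m = RANGE.match(line)
        if m:                                     # PORTRANGE first_port count proto job
            first, count, proto, job = m.groups()
            ports += [(p, proto.upper(), job)
                      for p in range(int(first), int(first) + int(count))]
            in_port = False
            continue
        word, _, rest = line.partition(" ")
        if word.upper() == "PORT":                # entries follow, possibly on this line
            in_port, line = True, rest.strip()
        if not line or (in_port and line.upper().startswith("UNRSV")):
            continue                              # UNRSV entries name no port number
        m = ENTRY.match(line)
        if in_port and m:
            ports.append((int(m.group(1)), m.group(2).upper(), m.group(3)))
        else:
            in_port = False                       # another statement ends the PORT list
    return ports

def unapproved(profile_text, approved):
    """Entries whose (port, protocol) pair is not in the approved set."""
    return [e for e in parse_ports(profile_text) if (e[0], e[1]) not in approved]

if __name__ == "__main__":
    for port, proto, job in unapproved(SAMPLE_PROFILE, APPROVED):
        print(f"review: {port}/{proto} reserved for {job} is not on the approved list")
```

An empty result from `unapproved` corresponds to the "not a finding" condition above for the ports the profile defines; the approved set must be populated from the site's own PPSM CAL review and vulnerability assessments.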

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4101
